# Security Engineer, Cloud Infrastructure

**Company:** [Mercor](https://hotfix.jobs/companies/mercor)
**Location:** San Francisco, CA, New York, NY
**Role:** Security Engineering
**Salary:** $130k – $500k/yr
**Experience:** 5+ years
**Skills:** AWS, Kubernetes, Terraform, Wiz, Cspm, IAM, Scps, Vpc, Security Groups, Snowflake, Falco
**Posted:** 2026-04-15

> Designs and implements cloud security architectures including multi-account AWS isolation, Kubernetes hardening, and CSPM with Wiz for enterprise tenant separation. Requires 5+ years in cloud/infrastructure security, IaC expertise, and production experience.

## Job Description

## What You'll Build
- Multi-account AWS tenant isolation architecture - dedicated accounts, SCPs, network boundaries, and data segregation for enterprise clients
- Cloud security posture management using Wiz CSPM - continuous monitoring, misconfiguration detection, and automated remediation
- Kubernetes security hardening - pod security standards, network policies, secrets management, and runtime protection
- Infrastructure-as-code security guardrails - Terraform/CloudFormation policies that prevent insecure deployments before they reach production
- IAM architecture and least-privilege access controls across AWS, Snowflake, and internal services
- Incident response infrastructure - logging pipelines, forensic readiness, and blast radius containment

## What We're Looking For
- Deep AWS security expertise - you've architected multi-account strategies, written SCPs, and hardened production environments
- Experience with Kubernetes security in production - not just tutorials, you've secured real clusters running real workloads
- Strong infrastructure-as-code skills - Terraform, CloudFormation, or Pulumi - you think in code, not console clicks
- Experience with CSPM/CNAPP platforms (Wiz, Prisma Cloud, or similar) - deploying, tuning, and driving remediation
- Understanding of network security at the cloud level - VPCs, security groups, transit gateways, PrivateLink
- You've designed tenant isolation for multi-tenant SaaS - data segregation, compute isolation, network boundaries
- **5+ years** of professional experience in cloud security, infrastructure security, or platform/SRE engineering with a strong security focus

**Bonus Points**
- Experience with Snowflake security - schema-level isolation, access controls, data sharing governance
- Familiarity with container runtime security (Falco, SentinelOne Cloud Workload Protection, or similar)
- Offensive cloud security skills - you've exploited misconfigurations and understand the attacker's perspective
- Experience building compliance-ready infrastructure (SOC 2, ISO 27001, FedRAMP)
- You've handled cloud security incidents - forensics, containment, and root cause analysis in AWS
- Contributions to open source infrastructure security tools

## Similar roles

- [GRC Engineer](https://hotfix.jobs/jobs/74fe741b-d4b0-4bf7-a4cf-e46547a0f775) - NinjaTrader - Chicago, IL - $130k – $145k/yr
- [Security Engineer, Application Security](https://hotfix.jobs/jobs/f2d0e34d-91a7-4864-8672-e4a6901e3ca0) - Mercor - San Francisco, CA - $130k – $500k/yr
- [Threat Analyst](https://hotfix.jobs/jobs/4b2b74c9-ad53-4093-b1b0-636a8b41216c) - Socket - Remote - $126k – $170k/yr
- [Infrastructure Security Engineer](https://hotfix.jobs/jobs/2c4da5b3-0e94-43e0-8601-ccdf1caa3a8b) - Upstart - Remote - $134k – $186k/yr
- [Product Security Engineer](https://hotfix.jobs/jobs/9d882237-2bab-40b2-ac5d-126cebd6af93) - Applied Intuition - Sunnyvale, CA - $125k – $160k/yr

**Apply:** https://hotfix.jobs/jobs/b0117560-de94-4dc1-ba75-291e6344ef60
**Canonical:** https://hotfix.jobs/jobs/b0117560-de94-4dc1-ba75-291e6344ef60